[issue3514] pickle segfault with infinite loop in __getattr__
Alexandre Vassalotti
report at bugs.python.org
Mon Aug 11 07:48:48 CEST 2008
Alexandre Vassalotti <alexandre at peadrop.com> added the comment:
This is a bug in the C implementation of pickle (i.e., the _pickle
module). I think you're right about the missing exception check. At
first glance, it looks like the missing else-if case for "setstate ==
NULL", in load_build(), is the cause of the problem:
static int
load_build(UnpicklerObject *self)
{
...
setstate = PyObject_GetAttrString(inst, "__setstate__");
if (setstate == NULL && PyErr_ExceptionMatches(PyExc_AttributeError)) {
PyErr_Clear();
}
/*---missing else-if case---------
else if (setstate == NULL) {
return NULL;
}
----------------------------------*/
else {
PyObject *result;
/* The explicit __setstate__ is responsible for everything. */
result = unpickler_call(self, setstate, state);
Py_DECREF(setstate);
if (result == NULL)
return -1;
Py_DECREF(result);
return 0;
}
...
----------
nosy: +alexandre.vassalotti
priority: -> normal
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue3514>
_______________________________________
More information about the Python-bugs-list
mailing list